How much sensitive data is on your smartphone and what are the odds of having your phone returned if you lose it? A security software company has just wrapped up a fascinating experiment and it turns out Canadians aren't as honest as you might have thought.

Sixty smartphones loaded with fake personal and corporate data were intentionally lost in six major cities across Canada in an experiment dubbed “The Honeystick Project".

"We really wanted to do this study to see what happens with these mobile phones when they get lost. What kind of personal information gets access on them, if any," said Lynn Hargrove, director of consumer solutions at Symantec Canada.

One of the phones was left on a bench in the Royal Centre Mall in downtown Vancouver. It was then remotely tracked through GPS technology to see exactly where it went, what sensitive information was accessed and how often.

It didn't take long for someone to pick the phone up. Exactly 13 minutes later, GPS tracking technology determined that someone had accessed the webmail on the smartphone.

The phone was then carried to the Burrard SkyTrain station where webmail was accessed a second time. Then the smartphone moved to the Gastown areawhere the finder had time to search the device for HR salaries, calendar and webmail.

From there, it was off to Rupert Park, where private photos were repeatedly accessed. The following day, the smartphone was plugged in to be recharged.

The last recorded activity was reported on January 18th around 9:20 p.m. when the phone was again plugged in for charging. At no time did anyone attempt to return the phone to its owner.

Of the 60 intentionally lost smartphones across Canada, only 33 attempts were made to return the device to its owner. Before attempting to return the smartphone, the vast majority of finders still accessed information on those lost devices, everything from HR files to online banking apps.

"People are naturally curious, but it went way beyond that. They were looking for information. They were looking to gain access," said Hargrove.

After crunching the data from the Honeystick Project experiment. It was determined that:

  •          93% of finders had accessed the device
  •          83% clicked on personal data like photos
  •          72% showed attempts to click on login and password reset screens
  •          63% clicked on corporate data like HR salaries, HR cases and corporate email clients

"I think the message here is phone security has to be at the paramount because you have so much personal, private information on that device.  You never want that to get in the wrong hands," said Hargrove.

To make things worse, it turns out Vancouverites were the least likely to return the lost smartphones.  Of the ten phones in the Vancouver experiment, only three attempts were made to find the owner. Calgary, Toronto and Ottawa had the highest attempted return rate at 70 per cent.

The security experts have a few simple tips.Use the screen lock feature on your phone and make sure you have a strong password.  A shocking number of people use weak passwords like 1-2-3-4 or the word "password". And download security software onto your smartphone that has remote and lock capabilities so you can remotely lock and wipe all your personal information if the phone is lost or stolen.